Risk Management

Logcat and Dumpsys

More useful information about the system is provided by commands such as adb logcat (Figure 3), which displays the Android's FIFO buffer – a very interesting source of information of which hackers have occasionally also made use [2]. The dumpsys and bugreport tools in the ADB shell are similarly helpful. An interactive call to adb bugreport >/tmp/bugreport outputs a complete dump of the running system's configuration. Figure 4 uses a dumpsys example with more to show how it can be used with classic Unix tools to improve readability with the use of a pipe or output redirection to a file.

Figure 3: Typing adb logcat outputs the system log. This output shows unlocking the display and an attempted backup.

Figure 4: The dumpsys command first lists the process list of the active system.

On tablets, you can run CyanogenMod 10.1.3, which gives users and admins far more configuration options in many cases; it is a rooted system whose more recent versions include the critical remote wipe button in the web interface (Figure 5).

Figure 5: If you take up the CyanogenMod offer (as of version 10.2) and purchase an account, you are rewarded with a remote wipe feature, among other things.

Always Create a Backup Before Flashing

Before installing an alternative – typically a more recent, faster, and more reliable – image on a tablet or smartphone, admins should always create a backup. As indicated, you can do this with no trouble at the command line. ADB not only supports a shell mode but can also be used interactively with options such as push and pull for file transfer or with backup and restore as a backup tool. Using adb backup <file> writes all user data to a file; similarly, adb restore <file> restores the previous state. Caution: A file created in this way can be several gigabytes, and creating it will take a while.

That said, backing up and restoring can save the admin time and anxiety, especially compared with completely restoring an Android, along with searching for login data or configuration details. Full restore reinstates a defined, secure original state.

Like the Very First Time

However, this process is usually not very useful for restoring a broken or compromised system. If you need to analyze a damaged system, including traces of a break-in, you can do so at your leisure in a virtual Android environment that comes with the SDK tools. A look at the backup options using adb help explains how you can back up and restore an Android device used by multiple users (e.g., with a shared area).

To restore Androids by different manufacturers to a reasonably safe original state free of bloat and spyware at the same time, installing a free image is recommended. To do this, in this example, you need a Nexus 7 tablet (the 2013 model for around US$  200/EUR  200), three matching files, and another tool from the SDK: Fastboot.